Ava Labs’ chief operating officer, Luigi D’Onorio DeMeo, has confirmed his X account was hacked after it posted about a newly launched Pokémon-themed memecoin along with links to suspicious airdrops.
Two of the posts on Aug. 19, which have now been deleted, shared the address to a Solana-based memecoin called Pika (PIKA) — styled after one of the media franchise’s central characters, Pikachu — in an apparent pump-and-dump scheme.
Many crypto users on X posted warnings not to click or follow any links.
DeMeo told Cointelegraph that he lost access to the account via a phishing email, with the attackers faking an email from X.
In an Aug. 19 X post, he added the email claimed someone accessed his account from another country and he needed to change his password, which DeMeo supplied along with a 2FA code, giving hackers access.
PIKA’s market capitalization hit a high of $388,570 shortly after the posts from DeMeo’s account at around 1:40 am UTC, but it quickly fizzled out, falling over 99% to a current market cap of $3,289, according to DEX Screener.
DeMeo’s hacked account also posted links to suspicious websites claiming Ava Labs is giving away Avalanche (AVAX) tokens and inviting users to connect their crypto wallet. It also turned off comments to stem others’ warning of the scam, claiming there was the possibility of “malicious links” being shared.
The websites are stylized to mimic Ava Labs’ design but likely host a wallet drainer that steals all the crypto in a connected wallet.
X account REKTBuildr earlier reported that a link to a different scam website was shared by DeMeo’s account, which was later taken down.
Related: Styx Stealer malware exploits Windows vulnerability to ‘clip’ crypto
They posted that the domain was registered 18 minutes before DeMeo’s account posted a link to it, estimating that it took attackers 30 minutes to register the domain, find hosting, and breach DeMeo’s account to share the scam link.
Similar attacks have been carried out this year. In July, the X account of actress Sydney Sweeney was hacked to promote a crypto token using her likeness.
Magazine: Crypto-Sec: Weird ‘null address’ iVest hack, millions of PCs still vulnerable to ‘Sinkclose’ malware
Update (Aug. 19, 10:30 pm UTC): This article has been updated to add a comment and an X post from DeMeo.